OpenStack Authentication Protocol Based on User Identity
Abstract:
OpenStack is an open-source cloud platform management project that relies on tokens generated by its Keystone component for identity authentication. To balance OpenStack's security with improved authentication efficiency, this paper proposes, building on the existing UUID token, PKI token, PKIZ token, and fernet token authentication schemes, a new identity authentication scheme based on user identity. Centered on Keystone, it combines user identity with permissions and uses two-factor CPK technology to generate a unique key. This preserves token security while also improving authentication efficiency: service nodes no longer need Keystone's assistance to verify a token's validity, tokens can be verified locally, the authentication flow is simplified, and identity authentication becomes more efficient.